Hi!
On Monday 12 September 2011 17:43:23 Christian Schneider wrote:
> I have updated the documentation in the Wiki:
> https://cwiki.apache.org/confluence/display/CXF20DOC/Client+HTTP+Transport+%
> 28including+SSL+support%29
>
> Btw. if you want to help with documentation we can give you access to
> the Wiki.
>
As I'm quite new in using CXF I think that I can't contribute that much yet.
However I'll help wherever I can.
> It should be possbile to use authentication when retrieving the WSDL. I
> don´t know you can use Spnego though.
>
> Anyway I would not recommand to use the WSDL from a server directly.
> Better store the WSDL somewhere and version it separately.
> So I think it is not so bad to store it with the code. It allows you to
> see how the WSDL looked like when you compiled. If it changes later and
> you did not store it then how do you prove that you used the correct
> WSDL if someone says your client is incorrectly calling the server.
>
You're absolutely right about this. However because I'm in charge of both the
client and the server code, this shouldn't be a big issue in my case. :)
> Christian
>
> Am 12.09.2011 15:29, schrieb Michael Sliwak:
> > Ok, this did the trick.
> >
> > The following steps are necessary:
> >
> > 1) make sure that krb5.conf/krb5.ini is configured correctly for the
> > Kerberos realm you want to authenticate against and supply it to your
> > application by setting the java.security.krb5.conf system property
> >
> > 2) supply a login.conf to your application by setting the
> > java.security.auth.login.config system property, e.g.:
> >
> > MyConfig {
> >
> > com.sun.security.auth.module.Krb5LoginModule required
> > client=TRUE useTicketCache=true;>
> > };
> >
> > 3) set up spnego using xml configuration or through code: (e.g. in
> > cxf.xml)
> >
> > <http:conduit name="*.http-conduit">
> >
> > <http:authorization>
> >
> > <sec:UserName>username</sec:UserName>
> > <sec:Password>password</sec:Password>
> > <sec:AuthorizationType>Negotiate</sec:AuthorizationType>
> > <sec:Authorization>MyConfig</sec:Authorization>
> >
> > </http:authorization>
> >
> > </http:conduit>
> >
> > Now Kerberos authentication works when supplying username and password.
> > However using an existing TGT still does not work for me.
> >
> > Maybe the documentation should be updated accordingly.
> >
> > Another issue using authentication with the http transport is that it is
> > not possible for me to point the wsdl location for my client directly
> > to the server as it seems that CXF is completely ignoring the
> > authentication challenge when trying to download the wsdl. So I have to
> > download the wsdl manually and place it somewhere local to my
> > application.
--
Michael Sliwak, M.Sc.
Raytion GmbH
Kaiser-Friedrich-Ring 74
40547 Düsseldorf
Fon +49-211-550266-0
Fax +49-211-550266-19
[email protected]
http://www.raytion.com
